NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2024-6747 | Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data | 5.3 | 0.42% | 2024-10-10 | 2026-06-17 |
| CVE-2024-38862 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators. | 5.1 | 0.32% | 2024-10-14 | 2026-06-17 |
| CVE-2024-38863 | Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks. | 5.1 | 0.41% | 2024-10-14 | 2026-06-17 |
| CVE-2024-47094 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users. | 5.7 | 0.21% | 2024-11-29 | 2026-06-17 |
| CVE-2024-47093 | Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS | 8.8 | 0.51% | 2024-12-19 | 2026-06-17 |
| CVE-2024-38864 | Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data. | 4.8 | 0.18% | 2024-12-19 | 2026-06-17 |
| CVE-2025-1075 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators. | 5.6 | 0.29% | 2025-02-19 | 2026-06-17 |
| CVE-2024-47092 | Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1 | 7.7 | 0.35% | 2025-03-03 | 2026-06-17 |
| CVE-2025-2596 | Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL) | 2.3 | 0.20% | 2025-03-26 | 2026-06-17 |
| CVE-2024-38865 | Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host. | 6.0 | 0.71% | 2025-04-10 | 2026-06-17 |
| CVE-2025-2092 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators. | 7.1 | 0.29% | 2025-04-22 | 2026-06-17 |
| CVE-2025-3506 | Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets. | 6.3 | 0.27% | 2025-05-08 | 2026-06-17 |
| CVE-2025-32917 | Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate privileges. | 5.2 | 0.26% | 2025-05-13 | 2026-06-17 |
| CVE-2025-1712 | Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files | 8.7 | 0.66% | 2025-05-21 | 2026-06-17 |
| CVE-2025-32915 | Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data. | 4.3 | 0.06% | 2025-05-22 | 2026-06-17 |
| CVE-2024-38866 | Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection | 5.3 | 0.30% | 2025-05-27 | 2026-06-17 |
| CVE-2024-47090 | Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS | 5.1 | 0.19% | 2025-05-27 | 2026-06-17 |
| CVE-2025-32918 | Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions <2.4.0p6, <2.3.0p35, <2.2.0p44, and 2.1.0 (EOL) allows an authenticated user to inject arbitrary Livestatus commands. | 5.3 | 0.33% | 2025-07-04 | 2026-06-17 |
| CVE-2025-58123 | Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in MitM position to intercept traffic. | 6.9 | 0.10% | 2025-08-28 | 2026-06-17 |
| CVE-2025-58124 | Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic. | 6.9 | 0.10% | 2025-08-28 | 2026-06-17 |